Conducting a RAM extraction as part of the computer evidence collection process is a front line examiner skill which becoming more and more in demand. A system’s live memory contains an assortment of valuable forensic data. A computer analyst trained in memory forensics can dig out evidence of hidden malware processes, user activity and encryption keys or password hashes that may be critical to accesses protected data.

This class provides you with the foundation knowledge to help you make better decisions about why or why not to capture live memory. It also gives you hands on experience using a number of freely available RAM capture tools and covers the advanced topic of using Inception.

Learn why RAM extractions are important and how the data can affect your case.
Practical exercises give you hands on experience with different RAM extraction tools.
Learn how to evaluate and benchmark your RAM capture tools.
Learn how to use PALADIN to launch INCEPTION to gain access to password protected systems in order to extract RAM.
Learn all of this in about one hour using all freely available tools.

Modules
RAM Extraction - Introduction
LESSONS
R.E.F. – Welcome to the SDF Series
R.E.F. – Maximize your learning
RAM Extraction - Fundamentals
LESSONS
R.E.F. – Why is RAM important?
R.E.F. – The RAM debate
R.E.F. – Setting up for success
RAM Extraction - Hands-On
LESSONS
R.E.F. – Tools for the class
R.E.F. – Goals & modes
R.E.F. – DumpIt overview
R.E.F. – DumpIt in action
R.E.F. – Belkasoft’s RAM Capturer tool overview
R.E.F. – Belkasoft’s RAM Capturer tool in action
R.E.F. – Magnet RAM Capture tool overview
R.E.F. – Magnet RAM Capture in action
R.E.F. – FTK Imager’s RAM Capture tool overview
R.E.F. – FTK Imager’s RAM Capture in action
RAM Extraction - Inception
LESSONS
R.E.F. – Download Paladin ISO
R.E.F. – Inception overview
R.E.F. – Inception in action
R.E.F. – Note about INCEPTION and RAM Capture
RAM Extraction - Conclusion
LESSONS
R.E.F. – Review
R.E.F. – Thank you & conclusion